NAO - National Audit Office

09/12/2024 | News release | Distributed by Public on 09/12/2024 08:52

Guidance for audit committees on cloud services

This is the latest version of our cloud guidance for audit committees updating guides published in 2021 and 2019. Since 2021 more of the public sector has adopted cloud services, with a matching increase in government spending with the big cloud providers. Many found our previous guide to be valuable, so we have updated it to reflect the evolution of cloud services.

Jump to downloads

Government has developed digital policy to support moving to the cloud for over a decade, and the number of cloud services continues to increase. But some organisations may lack the capacity and expertise to choose the right services for their needs.

Our guide sets out specific questions for audit committees to consider when engaging with their management on this.

It takes a lifecycle approach and poses informed questions at three key stages:

  • Strategic assessment of cloud services: This section covers both first-time adoption and continuing re appraisal and re-evaluation of cloud services.
  • Implementation of cloud services: This covers mid-lifecycle implementation and considers system configuration, data migration, and service risk and security issues when moving from one cloud provider to another, or from on-premises to cloud for the first time.
  • Management and optimisation of cloud services: This later lifecycle section covers operational considerations, the need for assurance from third parties, the capabilities needed to manage live running, and how to continue to control costs.